Milter-greylist

Hi,

I've recently noticed I get a lot of these errors on mail servers:

Dec 17 17:00:14 server sendmail[29303]: oBH6011k029303: Milter (greylist):
timeout before data read
Dec 17 17:00:14 server sendmail[29303]: oBH6011k029303: Milter (greylist): to
error state

and later on:

Dec 17 17:00:17 server milter-greylist: oBH6011k029303: skipping greylist
because sender is SPF-compliant, (from=<blah@...>,
rcpt=<blah2@...>, addr=blah.somesevrer.com[xxx.xx.xxx.xx]) ACL 1414

I've tried trouble-shooting what the problem could be, spent some hours on it
but can't figure it out.

I'm running milter-greylist 4.3.5 and 4.3.8 on various mail servers. I'm
slowly upgrading to 4.3.8 as time permits.

This "to error state" error happens on all machines.

I run Scientific Linux 5.5 (RHEL 5.5 derivative) on these mail servers, so use:

sendmail-8.13.8-8.el5.i386

I compile the RPM's of milter-greylist from the SPEC file.

The user I use for milter-greylist is:

smmsp

with the process being:

10229 ?        Ssl    4:04 /usr/bin/milter-greylist -u smmsp -P
/var/milter-greylist/milter-greylist.pid -p
/var/milter-greylist/milter-greylist.sock

and the relevant directory being:

# pwd
/var/milter-greylist
# ll
total 456
-rw------- 1 smmsp smmsp 166130 Dec 17 16:51 greylist.db
-rw------- 1 smmsp smmsp  89089 Dec 17 16:54 greylist.log
-rw------- 1 smmsp smmsp 165152 Dec 12 05:44 greylist.log.1.gz
-rw------- 1 smmsp smmsp   6591 Dec  5 04:42 greylist.log.2.gz
-rw------- 1 smmsp smmsp   4898 Dec  4 04:46 greylist.log.3.gz
-rw------- 1 smmsp smmsp   7919 Nov  8 06:02 greylist.log.4.gz
-rw-r--r-- 1 smmsp smmsp      6 Dec  4 20:49 milter-greylist.pid
srwxr-xr-x 1 root  root       0 Dec  4 20:49 milter-greylist.sock

I've checked various items and can't find where it's failing.

I thought it had to do with the root:root permissions on the socket above,
maybe they had to be smmsp:smmsp ? but I can't seem to change that particular
permission when the milter starts up.

I've run it in verbose mode, but that doesn't help. I've run it in debug mode
(with -v) and that didn't show anything extra either.

The /etc/mail/greylist.conf file passes syntax.

Any ideas how I can trouble-shoot this problem?

Note I've been running milter-greylist for many years and it's always worked
flawlessly on these machines.

Thanks.

Michael.

Michael Mansour <mic@...> wrote:

> I've recently noticed I get a lot of these errors on mail servers:
> Dec 17 17:00:14 server sendmail[29303]: oBH6011k029303: Milter (greylist):
> timeout before data read
> Dec 17 17:00:14 server sendmail[29303]: oBH6011k029303: Milter (greylist): to
> error state

That happens if the milter dies, or if sendmail decides the request to
the milter has timed out. The later can easily happen when
milter-greylist perfoms DNS queries. 

Upgrade the timeout in sendmail.cf to fix the problem.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

On Fri, Dec 17, 2010 at 05:11:44PM +1100, Michael Mansour wrote:
> Hi,
> 
> I've recently noticed I get a lot of these errors on mail servers:
> 
> Dec 17 17:00:14 server sendmail[29303]: oBH6011k029303: Milter (greylist):
> timeout before data read
> Dec 17 17:00:14 server sendmail[29303]: oBH6011k029303: Milter (greylist): to
> error state
> 
> and later on:
> 
> Dec 17 17:00:17 server milter-greylist: oBH6011k029303: skipping greylist
> because sender is SPF-compliant, (from=<blah@...>,
> rcpt=<blah2@...>, addr=blah.somesevrer.com[xxx.xx.xxx.xx]) ACL 1414

What about to increase the Milter loglevel?

define(`confMILTER_LOG_LEVEL', `X')dnl

X ...
1 Bad reply codes, socket errors, timeouts, reply and state errors
9 header was added, deleted, replaced message body
10 connect to filters, connect endign
11 empty or missing socket information, unknown socket type, local socket name too long,
        unsafe socket, bad port, open failure, status, aborts
14 replay code, rejects, discards, deferrals
15 milter sender, milter recipient
18 header sent, body sent
22 time to complete a command

(see Sendmail 3rd Ed., p. 1019, \ufffd24.9.70.1)


What are the current milter flag settings, especially the timeout values
from T=... (X-line in .cf, F=, T=)?


Johann E. Klasek

Hi Emmanuel,

You're spot on, I modified sendmail.cf to add:

Xgreylist, S=local:/var/milter-greylist/milter-greylist.sock, T=S:1m;R:1m

The Timeouts at the end were empty.

This seems to have occurred on the sendmail version upgrade performed recently.

Adding the greylist feature into sendmail.mc, running make, would produce the
above in sendmail.cf automatically with other milters.

With this newer sendmail, it doesn't do that but leaves it as:

Xgreylist, S=local:/var/milter-greylist/milter-greylist.sock,

which fails to run due to the last ",".

With the last comma removed, it runs but defaults to timeouts of 10 seconds.
Adding the timeout values fixes it, but there's an underlying problem still to
work out with the sendmail make.

I've checked the file:

/usr/share/sendmail-cf/feature/milter-greylist.m4

and it looks OK to me, with the confGREYLIST_OPTIONS meant to be populating
the sendmail.cf

Basically it doesn't do it while the earlier sendmail I'm sure did. Strange.

Thanks again.

Michael.

> Michael Mansour <mic@...> wrote:
> 
> > I've recently noticed I get a lot of these errors on mail servers:
> > Dec 17 17:00:14 server sendmail[29303]: oBH6011k029303: Milter (greylist):
> > timeout before data read
> > Dec 17 17:00:14 server sendmail[29303]: oBH6011k029303: Milter (greylist): to
> > error state
> 
> That happens if the milter dies, or if sendmail decides the request 
> to the milter has timed out. The later can easily happen when milter-
> greylist perfoms DNS queries.
> 
> Upgrade the timeout in sendmail.cf to fix the problem.
> 
> -- 
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@...
> 
> ------------------------------------
> 
> Yahoo! Groups Links
> 
> 
>